kanidmd_core/https/apidocs/
mod.rs

1use axum::{middleware::from_fn, response::Redirect, routing::get, Router};
2use kanidm_proto::{attribute, internal, scim_v1, v1};
3use utoipa::{
4    openapi::security::{HttpAuthScheme, HttpBuilder, SecurityScheme},
5    Modify, OpenApi,
6};
7use utoipa_swagger_ui::SwaggerUi;
8
9use super::{errors::WebError, ServerState};
10
11// pub(crate) mod path_schema;
12
13pub(crate) mod response_schema;
14#[cfg(test)]
15pub(crate) mod tests;
16
17struct SecurityAddon;
18
19impl Modify for SecurityAddon {
20    fn modify(&self, openapi: &mut utoipa::openapi::OpenApi) {
21        if let Some(components) = openapi.components.as_mut() {
22            components.add_security_scheme(
23                "token_jwt",
24                SecurityScheme::Http(
25                    HttpBuilder::new()
26                        .scheme(HttpAuthScheme::Bearer)
27                        .bearer_format("JWT")
28                        .build(),
29                ),
30            )
31        }
32    }
33}
34
35// docs for the derive macro are here: <https://docs.rs/utoipa-gen/3.5.0/utoipa_gen/derive.OpenApi.html#info-attribute-syntax>
36#[derive(OpenApi)]
37#[openapi(
38    servers(
39        (url="https://{host}:{port}",
40            variables(
41                ("host" = (default="localhost", description="Server's hostname")),
42                ("port" = (default="8443", description="Server HTTPS port")),
43            )
44        )
45    ),
46    external_docs(url = "https://kanidm.com/docs", description = "Kanidm documentation page"),
47
48    paths(
49        super::generic::status,
50        super::generic::robots_txt,
51
52        super::oauth2::oauth2_image_get,
53
54        super::v1::raw_create,
55        super::v1::raw_delete,
56        super::v1::raw_modify,
57        super::v1::raw_search,
58
59        super::v1_oauth2::oauth2_id_image_delete,
60        super::v1_oauth2::oauth2_id_image_post,
61        super::v1_oauth2::oauth2_get,
62        super::v1_oauth2::oauth2_basic_post,
63        super::v1_oauth2::oauth2_public_post,
64        super::v1_oauth2::oauth2_id_get,
65        super::v1_oauth2::oauth2_id_patch,
66        super::v1_oauth2::oauth2_id_delete,
67        super::v1_oauth2::oauth2_id_image_post,
68        super::v1_oauth2::oauth2_id_image_delete,
69        super::v1_oauth2::oauth2_id_get_basic_secret,
70        super::v1_oauth2::oauth2_id_scopemap_post,
71        super::v1_oauth2::oauth2_id_scopemap_delete,
72        super::v1_oauth2::oauth2_id_sup_scopemap_post,
73        super::v1_oauth2::oauth2_id_sup_scopemap_delete,
74        super::v1_oauth2::oauth2_id_claimmap_join_post,
75        super::v1_oauth2::oauth2_id_claimmap_post,
76        super::v1_oauth2::oauth2_id_claimmap_delete,
77
78        super::v1_scim::scim_sync_post,
79        super::v1_scim::scim_sync_get,
80        super::v1_scim::scim_entry_id_get,
81        super::v1_scim::scim_person_id_get,
82        super::v1_scim::scim_person_id_application_create_password,
83        super::v1_scim::scim_person_id_application_delete_password,
84        super::v1_scim::scim_application_get,
85        super::v1_scim::scim_application_post,
86        super::v1_scim::scim_application_id_get,
87        super::v1_scim::scim_application_id_delete,
88        super::v1_scim::scim_schema_attribute_get,
89        super::v1_scim::scim_schema_class_get,
90
91        super::v1::schema_get,
92        super::v1::whoami,
93        super::v1::whoami_uat,
94        super::v1::applinks_get,
95        super::v1::schema_attributetype_get,
96        super::v1::schema_attributetype_get_id,
97        super::v1::schema_classtype_get,
98        super::v1::schema_classtype_get_id,
99        super::v1::person_get,
100        super::v1::person_post,
101        super::v1::service_account_credential_generate,
102        super::v1::service_account_api_token_delete,
103        super::v1::service_account_api_token_get,
104        super::v1::service_account_api_token_post,
105        super::v1::person_search_id,
106        super::v1::person_id_get,
107        super::v1::person_id_patch,
108        super::v1::person_id_delete,
109        super::v1::person_id_get_attr,
110        super::v1::person_id_put_attr,
111        super::v1::person_id_post_attr,
112        super::v1::person_id_delete_attr,
113        super::v1::person_get_id_certificate,
114        super::v1::person_post_id_certificate,
115        super::v1::person_get_id_credential_status,
116        super::v1::person_id_credential_update_get,
117        super::v1::person_id_credential_update_intent_get,
118        super::v1::person_id_credential_update_intent_ttl_get,
119
120        super::v1::service_account_id_ssh_pubkeys_get,
121        super::v1::service_account_id_ssh_pubkeys_post,
122
123        super::v1::person_id_ssh_pubkeys_get,
124        super::v1::person_id_ssh_pubkeys_post,
125        super::v1::person_id_ssh_pubkeys_tag_get,
126        super::v1::person_id_ssh_pubkeys_tag_delete,
127
128        super::v1::person_id_radius_get,
129        super::v1::person_id_radius_post,
130        super::v1::person_id_radius_delete,
131        super::v1::person_id_radius_token_get,
132
133        super::v1::account_id_ssh_pubkeys_get,
134        super::v1::account_id_radius_token_post,
135        super::v1::person_id_unix_post,
136        super::v1::person_id_unix_credential_put,
137        super::v1::person_id_unix_credential_delete,
138        super::v1::person_identify_user_post,
139        super::v1::service_account_get,
140        super::v1::service_account_post,
141        super::v1::service_account_get,
142        super::v1::service_account_post,
143        super::v1::service_account_id_get,
144        super::v1::service_account_id_delete,
145        super::v1::service_account_id_patch,
146        super::v1::service_account_id_get_attr,
147        super::v1::service_account_id_put_attr,
148        super::v1::service_account_id_post_attr,
149        super::v1::service_account_id_delete_attr,
150        super::v1::service_account_into_person,
151        super::v1::service_account_api_token_post,
152        super::v1::service_account_api_token_get,
153        super::v1::service_account_api_token_delete,
154        super::v1::service_account_credential_generate,
155        super::v1::service_account_id_credential_status_get,
156        super::v1::service_account_id_ssh_pubkeys_tag_get,
157        super::v1::service_account_id_ssh_pubkeys_tag_delete,
158        super::v1::service_account_id_unix_post,
159        super::v1::account_id_unix_auth_post,
160        super::v1::account_id_unix_token,
161        super::v1::account_id_unix_token,
162        super::v1::account_id_radius_token_post,
163        super::v1::account_id_radius_token_get,
164        super::v1::account_id_ssh_pubkeys_get,
165        super::v1::account_id_ssh_pubkeys_tag_get,
166        super::v1::account_id_user_auth_token_get,
167        super::v1::account_user_auth_token_delete,
168        super::v1::credential_update_exchange_intent,
169        super::v1::credential_update_status,
170        super::v1::credential_update_update,
171        super::v1::credential_update_commit,
172        super::v1::credential_update_cancel,
173        super::v1::domain_get,
174        super::v1::domain_attr_get,
175        super::v1::domain_attr_put,
176        super::v1::domain_attr_delete,
177        super::v1_domain::image_post,
178        super::v1_domain::image_delete,
179
180        super::v1::group_id_unix_token_get,
181        super::v1::group_id_unix_post,
182        super::v1::group_get,
183        super::v1::group_post,
184        super::v1::group_search_id,
185        super::v1::group_id_get,
186        super::v1::group_id_patch,
187        super::v1::group_id_delete,
188        super::v1::group_id_attr_delete,
189        super::v1::group_id_attr_get,
190        super::v1::group_id_attr_put,
191        super::v1::group_id_attr_post,
192        super::v1::system_get,
193        super::v1::system_attr_get,
194        super::v1::system_attr_post,
195        super::v1::system_attr_put,
196        super::v1::system_attr_delete,
197        super::v1::recycle_bin_get,
198        super::v1::recycle_bin_id_get,
199        super::v1::recycle_bin_revive_id_post,
200        super::v1::auth,
201        super::v1::auth_valid,
202        super::v1::logout,
203        super::v1::reauth,
204        super::v1_scim::sync_account_get,
205        super::v1_scim::sync_account_post,
206        super::v1_scim::sync_account_id_get,
207        super::v1_scim::sync_account_id_patch,
208        super::v1_scim::sync_account_id_attr_get,
209        super::v1_scim::sync_account_id_attr_put,
210        super::v1_scim::sync_account_id_finalise_get,
211        super::v1_scim::sync_account_id_terminate_get,
212        super::v1_scim::sync_account_token_post,
213        super::v1_scim::sync_account_token_delete,
214        super::v1::debug_ipinfo,
215        super::v1::public_jwk_key_id_get,
216
217    ),
218    components(
219        schemas(
220            attribute::Attribute,
221
222            scim_v1::ScimSyncState,
223            scim_v1::ScimSyncRequest,
224            scim_v1::ScimSyncRetentionMode,
225            scim_v1::ScimEntry,
226            scim_v1::ScimValue,
227            scim_v1::ScimMeta,
228            scim_v1::ScimAttr,
229            scim_v1::ScimApplicationPasswordCreate,
230            scim_v1::ScimApplicationPassword,
231            scim_v1::client::ScimEntryPostGeneric,
232
233            internal::ApiToken,
234            internal::ApiTokenPurpose,
235            internal::BackupCodesView,
236            internal::ConsistencyError,
237            internal::CreateRequest,
238            internal::CredentialDetail,
239            internal::CredentialDetailType,
240            internal::CredentialStatus,
241            internal::CUExtPortal,
242            internal::CUIntentToken,
243            internal::CURegState,
244            internal::CUSessionToken,
245            internal::CUStatus,
246            internal::DeleteRequest,
247            internal::Filter,
248            internal::Group,
249            internal::Modify,
250            internal::ModifyList,
251            internal::ModifyRequest,
252            internal::Oauth2ClaimMapJoin,
253            internal::OperationError,
254            internal::PasskeyDetail,
255            internal::PasswordFeedback,
256            internal::PluginError,
257            internal::RadiusAuthToken,
258            internal::SchemaError,
259            internal::SearchRequest,
260            internal::SearchResponse,
261            internal::TotpAlgo,
262            internal::TotpSecret,
263            internal::UatPurpose,
264            internal::UserAuthToken,
265            v1::AccountUnixExtend,
266            v1::ApiTokenGenerate,
267            v1::AuthAllowed,
268            v1::AuthCredential,
269            v1::AuthIssueSession,
270            v1::AuthMech,
271            v1::AuthRequest,
272            v1::AuthResponse,
273            v1::AuthState,
274            v1::AuthStep,
275            v1::Entry,
276            v1::GroupUnixExtend,
277            v1::PublicKeyKindSchema,
278            v1::SingleStringRequest,
279            v1::SshPublicKeySchema,
280            v1::KeyTypeKindSchema,
281            v1::KeyTypeSchema,
282            internal::UiHint,
283            v1::UatPurposeStatus,
284            v1::UatStatus,
285            v1::UatStatusState,
286            v1::UnixGroupToken,
287            v1::UnixUserToken,
288            v1::WhoamiResponse,
289            internal::CUCredState,
290            internal::CURegWarning,
291            internal::IdentifyUserResponse,
292            internal::AppLink,
293
294            internal::IdentifyUserRequest,
295            // terrible workaround for other things
296            response_schema::CreationChallengeResponse,
297
298            // terrible workaround for other things
299            response_schema::PublicKeyCredential,
300            // terrible workaround for other things
301            response_schema::RequestChallengeResponse,
302            // terrible workaround for other things
303            response_schema::Base64UrlSafeData,
304            // terrible workaround for other things
305            response_schema::BTreeSet,
306            // terrible workaround for other things
307            response_schema::Result,
308            // terrible workaround for other things
309            response_schema::ScimEntry,
310            //  workaround for the fact that BTreeSet can't be represented in JSON
311            response_schema::ProtoEntry,
312            // terrible workaround for other things
313            response_schema::Jwk,
314            response_schema::ScimComplexAttr,
315            WebError,
316        )
317    ),
318    modifiers(&SecurityAddon),
319    tags(
320        (name = "kanidm", description = "Kanidm API")
321    ),
322    info(
323        title = "Kanidm",
324        description = "API for interacting with the Kanidm system. This is a work in progress.",
325        contact( // <https://docs.rs/utoipa-gen/3.5.0/utoipa_gen/derive.OpenApi.html#info-attribute-syntax>
326            name="Kanidm Github",
327            url="https://github.com/kanidm/kanidm",
328        )
329    )
330)]
331pub(crate) struct ApiDoc;
332
333pub(crate) fn router() -> Router<ServerState> {
334    Router::new()
335        .route("/docs", get(Redirect::temporary("/docs/swagger-ui")))
336        .route("/docs/", get(Redirect::temporary("/docs/swagger-ui")))
337        .merge(SwaggerUi::new("/docs/swagger-ui").url("/docs/v1/openapi.json", ApiDoc::openapi()))
338        // overlay the version middleware because the client is sad without it
339        .layer(from_fn(super::middleware::version_middleware))
340}